Vulnerability ID 4171

Apple Safari up to 5.0 buffer overflow

Apple
CVSSv3 Temp ScoreCurrent Exploit Price (≈)
7.0$2k-$5k

A vulnerability has been found in Apple Safari up to 5.0 and classified as critical. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was released 07/22/2010 with Apple as HT4276 as confirmed advisory. The advisory is shared for download at support.apple.com. This vulnerability is known as CVE-2010-1778 since 05/06/2010. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available.

The vulnerability scanner Nessus provides a plugin with the ID 47888 (Safari < 5.0.1 Multiple Vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Windows and running in the context local.

Upgrading eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at support.apple.com. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published 6 days after the disclosure of the vulnerability. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 10064.

The vulnerability is also documented in the databases at SecurityFocus (BID 42020), Secunia (SA40664) and Vulnerability Center (SBV-26640). See 4317, 54197, 54198 and 54199 for similar entries.

CVSSv3

Base Score: 7.3 [?]
Temp Score: 7.0 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C [?]
Reliability: High

CVSSv2

Base Score: 6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P) [?]
Temp Score: 5.9 (CVSS2#E:ND/RL:OF/RC:C) [?]
Reliability: High

AVACAuCIA
LHMNNN
AMSPPP
NLNCCC
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete

CPE

Exploiting

Class: Buffer overflow (CWE-79)
Local: No
Remote: Yes

Availability: No

Current Price Estimation: $25k-$50k (0-day) / $2k-$5k (Today)

0-Day$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k
Today$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k


Nessus ID: 47888
Nessus Name: Safari < 5.0.1 Multiple Vulnerabilities
Nessus File: macosx_Safari5_0_1.nasl
Nessus Family: Windows
Nessus Context: local
OpenVAS ID: 862241
OpenVAS Name: Fedora Update for qt FEDORA-2010-11011
OpenVAS File: gb_fedora_2010_11011_qt_fc13.nasl
OpenVAS Family: Fedora Local Security Checks

Countermeasures

Recommended: Upgrade
Status: Official fix
Reaction Time: 6 days since reported
0-Day Time: 0 days since found
Exposure Time: 6 days since known

Patch: support.apple.com
TippingPoint: 10064

Timeline

05/06/2010 CVE assigned
07/22/2010 +77 days Advisory disclosed
07/28/2010 +6 days Countermeasure disclosed
07/28/2010 +0 days VulnerabilityCenter entry assigned
07/28/2010 +0 days Nessus plugin released
07/30/2010 +2 days NVD disclosed
08/02/2010 +3 days VulnerabilityCenter entry created
08/04/2010 +3 days OSVDB entry created
08/19/2010 +14 days VulDB entry created
02/24/2013 +920 days VulnerabilityCenter entry updated
07/08/2015 +864 days VulDB entry updated

Sources

Advisory: HT4276
Organization: Apple
Status: Confirmed
Confirmation: support.apple.com

CVE: CVE-2010-1778 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityFocus: 42020
Secunia: 40664 - Apple Safari Multiple Vulnerabilities, Highly Critical
Vulnerability Center: 26640 - Apple Safari \x3C 5.0.1 Cross Site Scripting via an RSS Feed, Medium
OSVDB: 66844

See also: 4317, 54197, 54198, 54199, 54200, 54201, 54202, 54203, 54204, 54205, 54206, 54207, 54208, 54209

Entry

Created: 08/19/2010
Updated: 07/08/2015
Entry: 92.9% complete